1. Field of the Invention
Embodiments of the present invention generally relate to network security techniques and, more particularly, to a method and apparatus for providing secure domain name services.
2. Description of the Related Art
Computer users have begun to rely upon their home computers to utilize on-line banking and e-commerce services. The users of online banking and e-commerce services have become more and more concerned with computer-related viruses as well as attacks specifically focused on web browsers. Such attacks are intended to compromise sensitive and confidential information that a user provides to the banking or e-commerce website during an on-line session.
Most browser-related security techniques provide a blacklisting function that does not allow a browser to access websites that are on a blacklist. These blacklisted websites are generally known by an anti-virus service provider to be security risks. The anti-virus service provider provides the blacklist to the host computer system via virus protection software. The anti-virus software informs the browser of certain websites that are not to be visited because they exist to compromise sensitive and confidential information. Such blacklisting techniques require the security solution to be constantly updated in response to ever-changing and varied attack mechanisms. Consequently, such blacklisting techniques do not provide a perfect solution.
In one form of attack on a host computer, a browser is compromised when a user enters a particular website to be visited, e.g., a banking website, and malicious software directs the browser to an unauthorized domain name services (DNS) server. The unauthorized DNS server provides an IP address to the browser for an unauthorized banking website that has the look and feel of an authentic banking website. The unauthorized website will, in all likelihood, be a malicious website. Unknowingly, the user enters their username and password into an unauthorized and malicious website, compromising their security.
In other instances, the malicious DNS server may direct the user to an appropriate and correct web server, but the malicious DNS server monitors all communications between the host computer and the web server. In this manner, the user's confidential information that is transmitted to use the banking services, such as a password, user name, and the like, will be compromised.
Therefore, there is a need in the art for a method and apparatus for providing a secure DNS server.
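Both attacks described above depend on the host being pointed at a DNS server it was never meant to use, which a defender can check for directly. The following is an added example, not part of the original text: it audits a resolv.conf-style resolver list against an allowlist, and the sample file, the allowlist and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample of a resolv.conf-style file; addresses come from
# documentation ranges and are not taken from the page.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.66   ; appended by unknown process
nameserver 2001:db8::53
nameserver not-an-ip
options timeout:2
"""

# Assumed allowlist: the resolvers the administrator expects this host to use.
ALLOWED = ["192.0.2.53/32", "2001:db8::/64"]


def parse_nameservers(text):
    """Return (line_no, raw_value) for each nameserver directive."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        # '#' and ';' start comments; anything after them is ignored here.
        for mark in "#;":
            line = line.split(mark, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append((no, fields[1]))
    return found


def audit_resolvers(text, allowed):
    """Return findings for resolvers that are malformed or not allowlisted."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for no, raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((no, raw, "unparseable"))
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            findings.append((no, raw, "not in allowlist"))
    return findings


if __name__ == "__main__":
    for no, raw, why in audit_resolvers(SAMPLE_RESOLV_CONF, ALLOWED):
        print(f"line {no}: resolver {raw} {why}")
```

An unparseable entry is reported rather than skipped, since a malformed resolver line is itself a sign that the file was edited by something other than the expected configuration tooling.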